Why It May Be Worth Paying The Ransom In A Ransomware Attack

Australia is being hit hard by ransomware attacks and we’ve heard a lot of security vendors advise against paying the ransom that cybercriminals demand to decrypt locked files. But RSA CTO Zulfikar Ramzan thinks it’s better to just pay up. Here’s why.

Ransomware has become a popular tool for cybercriminals to make money, mainly because it’s easy to use; there are exploits that require little technical knowledge to deploy and there’s a whole underground industry supporting it.

“With traditional cybercrime, it used to be more about getting credit card numbers and the lot,” Ramzan told Lifehacker Australia at RSA Conference 2016 in Singapore. Cybercriminals will then need to take a number of steps, from credit card cloning to recruiting money mules to move funds, to make use of the stolen data, which can be exceptionally complicated. “Fast forward to today, ransomware accepts Bitcoins and all of a sudden you’ve eliminated the whole aspect of the business that requires you to know how to monetise stolen credit cards.”

While the recommendation of many security vendors is to not pay the ransom if you or your company do fall victim to ransomware, Ramzan has a different perspective on this.

“I advocate the opposite; I say, usually, just pay the ransom,” he said. It should be mentioned that if you’ve had the foresight to back up your data regularly then you wouldn’t have to worry about ransomware locking up your files. But if you haven’t, Ramzan said: “The bad guys have always been bad, but they realise that it’s a business opportunity for them; if they don’t decrypt your data when you pay the ransom, the reputation of their business will go down.”

The ransomware business is so organised that there’s even around-the-clock customer support to answer the questions of victims. For example, if victims don’t know how to set up a Bitcoin wallet to pay the ransom, the customer service folks for that ransomware attack will guide them through it step by step, according to Ramzan.

“They only make money by following through with what they said they’re going to do when you pay the ransom,” he said. “Depending on the ransom and all the circumstances, if it’s critical data to you, we say you should seriously consider paying the ransom because you’re not going to get your data back through some other means.

“Ten years ago it was a different story – a lot of ransomware was not very sophisticated and there were probably other ways to get your data back without paying.”